 | NixOS AWS | 64 Members |
| 15 Servers |
| NixOS AWS | 64 Members |
| 15 Servers |
| Sender | Message | Time |
|---|---|---|
| 6 Nov 2024 | ||
 Arian | So it's just for a set of blessed images? | 22:53:04 |
 commiterate | Advanced parameters (since standard ones don't support resource-level policies) has a cost though: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html | 22:53:11 |
| commiterate | Yeah it looks like they hardcode what parameters are public. | 22:53:25 |
| commiterate | Even with the resource-level IAM policy, it seems people must refer to the parameter by its full ARN instead of just the name (if only the name is provided, it guesses the full ARN using the caller's account + region). | 23:03:22 |
| commiterate | So tl;dr we need to negotiate with AWS to get us on the hardcoded list. | 23:06:33 |
| commiterate | I don't have any ins at SSM so I'd be asking a TAM just like you. | 23:08:58 |
| commiterate | * I don't have any contacts at SSM so I'd be asking a TAM just like you. | 23:09:23 |
| Arian | Yeh I'll bring it up. I'm just curious as it's a bit of a nicer experience then describe-image | 23:09:58 |
| Arian | (in my opinion) | 23:10:07 |
| commiterate | It's definitely nicer because it removes account IDs from the equation and DescribeImage can be quite slow. | 23:10:30 |
| commiterate | I just don't know how open they are to it. Amazon seems to have very flew blessed OSes/distros (Amazon Linux, RHEL, Ubuntu, Windows Server, macOS) and they probably only want SSM public parameters for images they publish/control. https://docs.aws.amazon.com/managedservices/latest/appguide/ams-amis.html Everyone else I imagine they just redirect to the AWS marketplace. | 23:13:18 |
| commiterate | * I just don't know how open they are to it. Amazon seems to have very flew blessed OSes/distros (Amazon Linux, RHEL, Ubuntu, Windows Server, macOS) and they probably only want SSM public parameters for images they publish/control. Everyone else I imagine they just redirect to the AWS marketplace. | 23:14:30 |
| commiterate | Wait really? | 23:16:35 |
| commiterate | Well that's fun. I'll need to bring that up as part of chasing down the team that actually owns ImportImage and ImportSnapshot and ask they to add Cfn support because Image Bulider isn't the team and doesn't seem keen on taking ownership of those APIs. | 23:17:54 |
| Arian | Yeh if your image doesn't contain an /etc/fstab it crashes | 23:33:23 |
| Arian | Then I haedcoded an /etc/fstab and it crashed again | 23:34:05 |
| Arian | They do some analysis of the image by mounting it | 23:34:14 |
| Arian | Also import image takes *waaaay* longer than import-snapshot | 23:34:25 |
| Arian | Like 25-30 minutes | 23:34:30 |
| 7 Nov 2024 | ||
| commiterate | Feature request on the public Cfn roadmap: https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/2175 Will be chasing AWS internally for this one as well. | 00:16:05 |
| commiterate | * Feature request on the public Cfn roadmap: https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/2175 | 00:29:24 |
 colemickens | Please do let me know if there's any help I can lend to this PR, besides testing/reviewing: https://github.com/NixOS/nixpkgs/pull/343939 | 15:46:40 |
| Arian | Just seems to need a rebase and a re-review | 15:49:10 |
| Arian | We did go into breaking changes freeze for 24.11 though. So idk if I can still merge it :/ | 15:49:31 |
 quyse joined the room. | 19:52:46 | |
| quyse | hi! I'm using my custom NixOS AMI built with "${modulesPath}/../maintainers/scripts/ec2/amazon-image.nix" module. The EC2 serial console in the AWS web interface works (shows boot messages like it's a display), but "get system log" in the web interface, and the aws ec2 get-console-output command both always return empty output.Is the system log thing even supposed to work? I am not very familiar with AWS, but I thought it works via the same mechanism as the EC2 serial console, and since the amazon-image.nix module enables serial console via kernel param ( console=ttyS0), it should work too | 20:04:28 |
| quyse | * hi! I'm using my custom NixOS AMI built with "${modulesPath}/../maintainers/scripts/ec2/amazon-image.nix" module. The EC2 serial console in the AWS web interface works (shows boot messages like it's a display), but "get system log" in the web interface, and the aws ec2 get-console-output command both always return empty output.Is the system log thing even supposed to work? I am not very familiar with AWS, but I thought it works via the same mechanism as the EC2 serial console, and since the amazon-image.nix module enables serial console via kernel param ( console=ttyS0), it should work too | 20:04:40 |
| Arian | This is expected for Nitro instances you need to call get-console-output with --latest | 20:13:04 |
| Arian | get-console-output without --latest is only available after instance termination | 20:13:28 |
| Arian | Or Connect -> EC2 Serial Console. Should work roo | 20:14:19 |